﻿namespace Dcms.Common
{
    using System;
    using System.Web;
    using System.Configuration;

    public class HttpModule : IHttpModule
    {
        private static readonly string DEFAULTLANAGUAGE = ConfigurationManager.AppSettings["DEFAULTLANAGUAGE"];
        private static readonly string WebSitePath = ConfigurationManager.AppSettings["WebSite"].ToLower();

        public void Application_OnError(object sender, EventArgs e)
        {
            HttpApplication application = (HttpApplication) sender;
            HttpContext context = application.Context;
            context.Response.Write("<html><body style=\"font-size:14px;\">");
            context.Response.Write("DCMS Error:<br />");
            context.Response.Write("<textarea name=\"errormessage\" style=\"width:80%; height:200px; word-break:break-all\">");
            context.Response.Write(HttpUtility.HtmlEncode(context.Server.GetLastError().ToString()));
            context.Response.Write("</textarea>");
            context.Response.Write("</body></html>");
            context.Response.End();
        }

        public void Dispose()
        {
        }

        public void gotoAndPlay(string Url)
        {
            HttpContext.Current.Response.Redirect(WebSitePath + Url);
        }

        public void Init(HttpApplication context)
        {
            context.BeginRequest += new EventHandler(this.ReUrl_BeginRequest);
        }

        public bool IsTrueUrl(object sender)
        {
            HttpRequest request = ((HttpApplication) sender).Context.Request;
            foreach (string item in request.QueryString)
            {
                if (!Utils.IsSafeSqlString(request.QueryString[item])) return true;
            }
            return false;
        }

        private void ReUrl_BeginRequest(object sender, EventArgs e)
        {
            HttpContext context = ((HttpApplication) sender).Context;
            string requestPath = context.Request.Path.ToLower();
            if (requestPath.StartsWith(WebSitePath))
            {
                int countS = SiteUrls.GetSiteUrls().Urls.Count;
                for (int i = 0; i < countS; i++)
                {
                    URLRewrite URL = (URLRewrite) SiteUrls.GetSiteUrls().Urls[i];
                    if (requestPath.Substring(WebSitePath.Length).IndexOf(URL.Path.ToLower()) == URL.Value)
                    {
                        string lastPath = requestPath.Substring(context.Request.Path.LastIndexOf("/"));
                        if (lastPath == "/default.aspx") lastPath = "/index.aspx";
                        if (this.IsTrueUrl(sender))
                        {
                            Log.LogHandler.LogError("HttpModule.ReUrl_BeginRequest", "有人正在非法的访问网站，访问的页面为：" + context.Request.Path);
                            context.RewritePath("/System/Error.aspx?Error=你请求的路径含有非法字符");
                        }
                        else
                            context.RewritePath(WebSitePath + URL.Page + lastPath);
                        break;
                    }
                }
            }
        }
    }
}

